From c9d90203d446e34ca90d3febdad70dde7ef53769 Mon Sep 17 00:00:00 2001
From: h7x4 <h7x4@nani.wtf>
Date: Mon, 22 Dec 2025 13:03:14 +0900
Subject: [PATCH] bekkalokk/nettsiden: use SSL cert for redirects

---
 hosts/bekkalokk/services/website/default.nix | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/hosts/bekkalokk/services/website/default.nix b/hosts/bekkalokk/services/website/default.nix
index 5d1777f..5fd2df6 100644
--- a/hosts/bekkalokk/services/website/default.nix
+++ b/hosts/bekkalokk/services/website/default.nix
@@ -18,6 +18,14 @@ in {
     restartUnits = [ "phpfpm-pvv-nettsiden.service" ];
   });
 
+  security.acme.certs."www.pvv.ntnu.no" = {
+    extraDomainNames = [
+      "pvv.ntnu.no"
+      "www.pvv.org"
+      "pvv.org"
+    ];
+  };
+
   services.idp.sp-remote-metadata = [
     "https://www.pvv.ntnu.no/simplesaml/"
     "https://pvv.ntnu.no/simplesaml/"
@@ -86,16 +94,22 @@ in {
   services.nginx.virtualHosts."pvv.ntnu.no" = {
     globalRedirect = cfg.domainName;
     redirectCode = 307;
+    forceSSL = true;
+    useACMEHost = "www.pvv.ntnu.no";
   };
 
   services.nginx.virtualHosts."www.pvv.org" = {
     globalRedirect = cfg.domainName;
     redirectCode = 307;
+    forceSSL = true;
+    useACMEHost = "www.pvv.ntnu.no";
   };
 
   services.nginx.virtualHosts."pvv.org" = {
     globalRedirect = cfg.domainName;
     redirectCode = 307;
+    forceSSL = true;
+    useACMEHost = "www.pvv.ntnu.no";
   };
 
   services.nginx.virtualHosts.${cfg.domainName} = {